locked
SQL database mail is not sending an email after disabling TLS 1.0, 1.1 and SSL RRS feed

  • Question

  • Hi All, 

    I  have database mail configured in SQL server , recently for security reason I disabled TLS 1.1,1.0 and SSL from the same server and changing SQL default port to another one , after doing so the messages stopped sending any email to any account, 

    and when I am sending test message it's directly returning the following error : 

    Date 25/10/2018 09:57:50 AM
    Log Database Mail (Database Mail Log)

    Log ID 1315
    Process ID 6124
    Mail Item ID 1142
    Last Modified 25/10/2018 09:57:50 AM
    Last Modified By "user"

    Message
    The mail could not be sent to the recipients because of the mail server failure. (Sending Mail using Account 1 (2018-10-25T09:57:50). Exception Message: Cannot send mails to mail server. (Failure sending mail.).
    )

    using

    Microsoft SQL Server 2014 (SP2-GDR) (KB4057120) - 12.0.5214.6 (X64) 
    Windows server standard 2012 R2


    any reply or help would be highly appreciated 

    B regards

    Thursday, October 25, 2018 8:43 AM

All replies

  • How do you know that issue is due to TLS 1.0 ? The error message looks a bit different

    Anyways here's the fix for DBMail if TLS 1.0 is dsiabled

    https://www.ryanjadams.com/2016/07/database-mail-breaks-tls-1-0-disabled/


    Please Mark This As Answer if it solved your issue
    Please Vote This As Helpful if it helps to solve your issue
    Visakh
    ----------------------------
    My Wiki User Page
    My MSDN Page
    My Personal Blog
    My Facebook Page

    Thursday, October 25, 2018 10:56 AM
  • Hi Visakh16,

    thank you for your reply, it's TLS issue because simply email will back to work after I check TLS again from the server reboot and try again

    unfortunately the link you provide does not have hotfix available for my SQL version ,

    may need to do more research or maybe I will try upgrading .net framework to 4.6.1

    Regards

    Thursday, October 25, 2018 1:56 PM
  • Hi p_maldini3,

     

    SQL Server Database mail uses System.Net.Mail to do the work, and SQL Server 2014 database mail is built for .Net 3.5.

     

    The System.Net.Mail is able to send mail using TLS 1.2 when the build runtime version is 4.6 or above. So SQL Server 2014 database mail does not support TLS 1.2.

     

    Besides, you can try to install the .NET hotfix to enable Database Mail to use TLS 1.2.

     

    https://support.microsoft.com/en-us/help/3154520/support-for-tls-system-default-versions-included-in-the-net-framework

     

    Best Regards,

    Emily


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com

    • Proposed as answer by AV111 Friday, October 26, 2018 1:13 PM
    Friday, October 26, 2018 6:09 AM
  • Hi Emily,

    Thank you for reply,

    Unfortunately none of the hotfixes could even install on my server 2012 R2, installing the latest update of sql server 2014 cum 14 didn't make any change  

    SQL 2016 still does not support that, since this issue raised by security team , I may have to upgrade my sql server to a newer version, now does sql server 2017 support tls 1.2 ?

    Thnx in advance   

    Sunday, October 28, 2018 11:03 AM
  • If you don't install the patch. SQL Server 2017 database mail doesn't support TLS1.2.

    Monday, October 29, 2018 3:59 PM
  • Hi Abbottee,

    thank you for your post, can you please share required patch article or link related to that ? there are many articles that make sql server 2014 , 2016 support tls 1.2 but none of them fix the issue.

    I am talking only about database mail issue with tls 1.2 not sql server version itself 

    Mohd

    Tuesday, October 30, 2018 1:35 PM
  • Hi Mohd,

     

    From Microsoft support article, here is a description about it.

     

    Additional fixes needed for SQL Server to use TLS 1.2

     

    You have to install the following .NET hotfix rollups to enable SQL Server features like Database Mail and certain SSIS components that use .NET endpoints which require TLS 1.2 support like the Web Service task to use TLS 1.2.

     

    Operating System

    .NET Framework version

    Updates with TLS 1.2 support

    Windows 7 Service Pack 1, Windows 2008 R2 Service Pack 1

    3.5 .1

    Support for TLS v1.2 included in the .NET Framework version 3.5.1

    Windows 8 RTM, Windows 2012 RTM

    3.5

    Support for TLS v1.2 included in the .NET Framework version 3.5

    Windows 8.1, Windows 2012 R2 SP1

    3.5 SP1

    Support for TLS v1.2 included in the .NET Framework version 3.5 SP1 on Windows 8.1 and Windows Server 2012 R2

     

    If these patches can not work well, I would suggest you creating a feedback to Microsoft.  https://feedback.azure.com/forums/908035-sql-server

     

    Best Regards,

    Emily


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com

    Wednesday, October 31, 2018 7:38 AM
  • Hi Emily ,

    thank you for your reply, the hotfix you provide may work on windows 8 I think , but it won't work with windows server  version I although I select the correct one for win server standard r2 2012 but I am getting an error,

    " the update is not applicable to your computer "

    not sure if this hotfixes applicable with servers version because in server there is different way to update or modify .Net framework.

    Regards

    Wednesday, October 31, 2018 1:01 PM
  • Hi p_maldini3,

     

    For more information about the windows server hotfixes to enable the TLS1.2 for .Net 3.5. I would suggest you contacting to the Microsoft support engineers.

     

    https://support.microsoft.com/en-us/assistedsupportproducts

     

    Best Regards,

    Emily


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com

    Thursday, November 1, 2018 9:24 AM
  • See this thread for details of all of the registry settings required to get SQL Server database mail working with only TLS 1.2 enabled: https://dba.stackexchange.com/questions/213608/enable-tls-1-2-for-sql-server-2016-database-mail

    Including for example these 2 little mentioned, poorly documented but essential settings:

    Windows Registry Editor Version 5.00
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
    "SchUseStrongCrypto"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]
    "SchUseStrongCrypto"=dword:00000001




    • Proposed as answer by Zeek2 Thursday, March 28, 2019 4:19 PM
    • Edited by Zeek2 Tuesday, April 2, 2019 9:30 AM Expanded text a little.
    Thursday, March 28, 2019 4:18 PM
  • We also get the same error when attempting to install the hotfix, and registry changes have been made to both .NETFramework v2.0... and v.4.0... reg keys. Still getting error when sending dbmail to O365 regarding TLS communication failing. SQL is 2014 SP4 GDR. Any additional suggestions? Both client and server side TLS 1.0, TLS 1.1, SSL 3.0 have all been disabled. Only TLS 1.2 is enabled, strong crypto is enabled for .NET, and we are still getting failures. Unless we can get this fixed, we will not be migrating 12k+ users to O365.....
    Wednesday, July 3, 2019 5:17 AM
  • Has anyone been able to resolve this issue? I currently have SQL Serer 2016, housed by Windows Server 8, and my database mail immediately fails after disabling SSL, TLS 1.0, and TLS 1.1. I've made sure that the SchUseStrongCrypto was added to the registry and my .NET Framework version is 4.8. Is there anything else that I'm missing?
    Wednesday, April 8, 2020 11:05 PM